4 min
Haxmas
The Layer 8(th) Day of Christmas: Rapid7 Pen Testers Reveal Social Engineering Insights at Recent Conference
Four Rapid7 pen testers recently gathered at the brand-new Layer 8 conference in Rhode Island to present on social engineering and open source intelligence (OSINT) gathering.
5 min
Haxmas
Advice for the Lazy Family Sysadmin
With some careful choices, you can be a lazy family system administrator this holiday. Here’s my experience, along with some tips.
4 min
Haxmas
Once a Haxer, Always a Haxor
Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.
7 min
Haxmas
The New Shiny: Memorable Metasploit Moments of 2018
Happy HaXmas, friends. Metasploit turned 15 this year, and by all accounts, 2018 was pretty epic.
3 min
Haxmas
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
4 min
Haxmas
The Return of Snapid Kevin to the North Pole
Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?
3 min
Haxmas
The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018
It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.
6 min
Haxmas
HaXmas Review: A Year of Patch Tuesdays
Today’s installment of the 12 Days of HaXmas is about 2017’s 12
months of Patch Tuesdays. Never mind that there were only
eleven months this year, thanks to Microsoft canceling
[https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/]
most of February’s planned fixes. This coincided with when they’d planned to
[https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/]
roll out their
7 min
Haxmas
12 Memorable Metasploit Moments of 2017
This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.
4 min
Haxmas
An Evaluation of the North Pole’s Password Security Posture
Co-written by Jonathan Stines [https://twitter.com/fr4nk3nst1ner] and Tommy Dew
[https://twitter.com/tommydew3]. See all of this year's HaXmas content here.
He sees your password choices;
He knows when they’re not great.
So don’t reuse those passwords, please,
And make them all longer than eight.
Now that Christmas has passed and all of the chaos from the holidays is winding
down, Santa and the elves are finally able to sit back and recover from the
strenuous Holiday commotion. H
6 min
Haxmas
Regifting Python in Metasploit
Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.
4 min
Haxmas
Forget The Presents: HaXmas Is All About The [Gift] Certificates
2017 is nearly at an end, and most of the cybersecurity world is glad to see it
go. We've been plagued with a myriad of vulnerabilities, misconfigurations and
attacks that have kept many of us working harder than Santa's elves on December
23rd to ensure our systems and networks were not in harm's way.
The attacks may be over, but 2017 is not done "giving" just yet.
Earlier this year, the Google Chrome team announced their intent to deprecate
and remove trust in Symantec-issued certificates due
5 min
Haxmas
Uses For Tech of HaXmas Past
Before you throw technology from HaXmas gifts past on the shelf of misfit toys, consider this story about how one security researcher found new uses for an old gizmo. Your old tech is crying out to be reused!
3 min
Haxmas
HaXmas: The True Meaning(s) of Metasploit
Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.
1 min
Haxmas
On the Zero-eth Day of HaXmas...
I suppose it’s only fitting that this year, we introduce our storied 12 Days of
HaXmas on the zero-eth day. Technically, Twelvetide
[https://en.wikipedia.org/wiki/Twelve_Days_of_Christmas] doesn’t start until
December 25th. This year, we’re focusing on the security events that grabbed our
attention, metrics that piqued our interest, and projects we pursued outside the
blog and research spheres. We wanted to take a moment here at the end of the
year to make sure that they didn’t just get lost lik